Ansible post-Heroku
Can we get rid of Ansible after moving the digital collections to Heroku? What’s standing in our way?
Things we have to keep
Things we eliminated
S3 bucket management (see issue #1023). We are using Terraform for this instead.
Building ArchivesSpace (details). No longer needed since we switched to a third-party host in 2021.
Encrypted information
We’ve used Ansible (specifically, the vault
files) as a default place to store encrypted information (e.g. ssl certs, etc.). playbooks can then copy that info onto new servers.
We have moved sensitive information that is no longer required by any playbooks to a secure spot on a shared drive, so we aren’t relying on Ansible for that function anymore. Accordingly, we are moving that info out of Ansible as we move it.
Playbooks and roles
This diff gives a rough idea of the playbooks and roles we have eliminated since the switch.